[wp-trac] [WordPress Trac] #16956: Comments Being Pulled from Non-Existent Post Types
WordPress Trac
noreply at wordpress.org
Sat Sep 12 21:26:59 UTC 2015
#16956: Comments Being Pulled from Non-Existent Post Types
-------------------------------------------------+-------------------------
Reporter: sterlo | Owner:
Type: defect (bug) | boonebgorges
Priority: normal | Status: closed
Component: Posts, Post Types | Milestone: 4.4
Severity: normal | Version: 3.1
Keywords: has-patch 2nd-opinion needs-unit- | Resolution: fixed
tests | Focuses:
-------------------------------------------------+-------------------------
Changes (by boonebgorges):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"34091"]:
{{{
#!CommitTicketReference repository="" revision="34091"
Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core
caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database
after
the post type is no longer present, and WP does an 'edit_post' or other
cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post
types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges,
nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16956#comment:54>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list